[prev in list] [next in list] [prev in thread] [next in thread]
List: gnupg-devel
Subject: Re: Question about signing subkeys
From: David Shaw <dshaw () jabberwocky ! com>
Date: 2005-10-28 16:13:24
Message-ID: 20051028161324.GA26684 () jabberwocky ! com
[Download RAW message or body]
On Thu, Oct 27, 2005 at 11:09:45PM -0500, Joe Vender wrote:
> For what reasons would someone use a subkey as the signing key
> instead of using the primary key as the signing key? In other words,
> what are the advantages and disadvantages, if any, of using a subkey
> instead of a primary key for signing?
Advantages:
* Allows you to keep your primary key offline (a key that isn't there
is really difficult to compromise either accidentally or not).
* Allows you to roll your signing key (via expiry or revocation)
every now and then without losing signatures on your key from other
people.
* Allows you to use a different algorithm for signing than you use
for certification/identity. For example, using a big RSA key is
annoying for clearsigning since the signatures are large... but many
people like using a big RSA key for their primary key because it's
large. Using a signing DSA subkey and a big RSA primary is the best
of both worlds.
Disadvantages:
* Some keyservers can't handle it. This isn't too much of a problem
these days.
David
_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic